Message-ID: <20060727152712.GF5153@piware.de>
Date: Thu, 27 Jul 2006 17:27:12 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-324-1] freetype vulnerability
===========================================================
Ubuntu Security Notice USN-324-1 July 27, 2006
freetype vulnerability
CVE-2006-3467
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libfreetype6 2.1.7-2.3ubuntu0.2

Ubuntu 5.10:
  libfreetype6 2.1.7-2.4ubuntu1.2

Ubuntu 6.06 LTS:
  libfreetype6 2.1.10-1ubuntu2.2

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

An integer overflow has been discovered in the FreeType library. By
tricking a user into installing and/or opening a specially crafted
font file, this could be exploited to execute arbitrary code with the
privileges of that user.